[MDEV-14101] Provide option to select TLS protocol version - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Fix Version/s: 10.4.6
Component/s: SSL
Labels:
None

Description

Currently it's not possible to run MariaDB with a specific TLS protocol, option --ssl_cipher=:TLSv1.2 excludes cipher suites < TLSv1.2, but doesn't set the protocol to TLSv1.2 only.

Suggestion:

--tls-version=versions

Valid values are TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 (OpenSSL only) or a combination (separated by comma) of them.
If not specified default=TLSv1,TLSv1.1,TLSv1.2, TLSv1.3 will be used for OpenSSL, TLSv1,TLSv1.1 for Yassl.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDEV_14101_10_2.patch
2018-11-30 15:30
21 kB
Georg Richter
MDEV-14101.patch
2018-11-19 08:37
16 kB
Oleksandr Byelkin
MDEV14101.patch_new
2018-11-23 08:11
15 kB
Georg Richter

Issue Links

blocks

MDEV-15596 10.2 doesn't work with openssl 1.1.1

Closed

MDEV-17184 main.ssl* and main.openssl* tests are failing with OpenSSL 1.1.1.

Closed

MDEV-19542 Disable SSLv3 and TLSv1.0 by default

Closed

relates to

MDEV-19475 Add support for OpenSSL configuration files

Closed

ODBC-228 Add parameter that corresponds to MARIADB_OPT_TLS_VERSION option from MariaDB Connector/C

Closed

CONC-403 Disable TLS v1.0

Open

MDEV-19847 Update mysqladmin man page

Closed

(2 relates to)

Activity

Ascending order - Click to sort in descending order

Sergei Golubchik added a comment - 2018-08-20 11:14

georg, I don't seem to be able to find the patch. Where can I see it?

may be it can go into an earlier version, but I need to see the patch first

Sergei Golubchik added a comment - 2018-08-20 11:14 georg , I don't seem to be able to find the patch. Where can I see it? may be it can go into an earlier version, but I need to see the patch first

Oleksandr Byelkin added a comment - 2018-11-20 11:13

Please reassign it when my review will be needed, just for now you can put your time here.

Oleksandr Byelkin added a comment - 2018-11-20 11:13 Please reassign it when my review will be needed, just for now you can put your time here.

Georg Richter added a comment - 2018-11-30 15:30

Sanja,

latest attachment is for 10.2 - it includes also fixes for ~~MDEV-17184~~

Georg Richter added a comment - 2018-11-30 15:30 Sanja, latest attachment is for 10.2 - it includes also fixes for MDEV-17184

Oleksandr Byelkin added a comment - 2018-12-03 09:43

OK to push after testing on buildbot

Oleksandr Byelkin added a comment - 2018-12-03 09:43 OK to push after testing on buildbot

Geoff Montee (Inactive) added a comment - 2019-03-07 01:11

I see that MariaDB Connector/C already supports this.

It looks like the patch for the server was approved too. Is it ready to push, or does more work still need to be done?

Geoff Montee (Inactive) added a comment - 2019-03-07 01:11 I see that MariaDB Connector/C already supports this. It looks like the patch for the server was approved too. Is it ready to push, or does more work still need to be done?

People

Assignee:: Georg Richter

Reporter:: Georg Richter

Votes:: 2 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2017-10-22 06:22

Updated:: 2024-07-08 00:37

Resolved:: 2019-06-17 12:20

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Git Integration